You are here: Known Vulnerabilities in Mozilla Products (Firefox 1.5.0.2) > MFSA 2006-23
Mozilla Foundation Security Advisory 2006-23
Title: File stealing by changing input type
Impact: High
Date: April 13, 2006
Reporter: Claus Jörgensen
Products: Firefox, Mozilla Suite
Fixed in: Firefox 1.5.0.2
Firefox 1.0.8
SeaMonkey 1.0.1
Mozilla Suite 1.7.13
Description
Claus Jörgensen reports that a text input box can be pre-filled with a filename and then turned into a file-upload control with the contents intact, allowing a malicious website the ability to steal any local file whose name they can guess.
Jesse Ruderman reports a variation, changing the type of the input control in an event handler to work around some of the initial checks.
Workaround
Upgrade to fixed version.
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=325947
-
https://bugzilla.mozilla.org/show_bug.cgi?id=328566
CVE-2006-1729